A simple script for (re)signing android apk's

apksign.sh

#!/bin/bash

# Copyright (c) 2013 Frederik Wallner
# http://frederikwallner.com
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

if [ $# -lt 3 ]; then
    echo "usage: $0 keystore source target [-z zipalign]" >&2
    exit 1
fi

# Check for jarsigner
hash jarsigner 2>/dev/null || { echo >&2 "jarsigner is not installed. Aborting."; exit 1; }

KEYSTORE="$1"
ORIGINAL="$2"
TARGET="$3"

ZIPALIGN=

TMP_FOLDER="/tmp/apksign"
TMP_APK_FOLDER="$TMP_FOLDER/app"
TMP_APK_META_FOLDER="$TMP_APK_FOLDER/META-INF"
TMP_STRIPPED_APK="$TMP_FOLDER/tmp-app.apk"
TMP_FINAL_APK="$TMP_FOLDER/final-app.apk"

OPTIND=4
while getopts z: opt; do
    case $opt in
        z)
            ZIPALIGN="$OPTARG"
            echo "Specified zipalign path: $ZIPALIGN" >&2
            ;;
        \?)
            echo "Invalid option: -$OPTARG" >&2
            exit 1
            ;;
        :)
            echo "Option -$OPTARG requires an argument." >&2
            exit 1
            ;;
    esac
done

shift $((OPTIND-1))

# Create tmp folder if it doesn't exist
mkdir -p "$TMP_FOLDER"

# If we have junk data from other runs, delete it
if [ -d "$TMP_APK_FOLDER" ]; then
    echo "Old data found, cleaning up" >&2
    rm -rf "$TMP_APK_FOLDER"
fi

# Unzip the apk
echo "Unpacking apk" >&2
unzip -q "$ORIGINAL" -d "$TMP_APK_FOLDER"

# Remove old certificates if they exist
if [ -d "$TMP_APK_META_FOLDER" ]; then
    echo "Removing old signing" >&2
    pushd "$TMP_APK_META_FOLDER" > /dev/null
    rm -v *.RSA
    rm -v *.SF
    popd > /dev/null
fi

# Zip the apk back up
echo "Packing apk" >&2
pushd "$TMP_APK_FOLDER" > /dev/null
# NOTE: It would be nice to replace ditto with zip but I haven't been able to pack it the same way... :/
ditto -c -k --sequesterRsrc --keepParent ./ "$TMP_STRIPPED_APK"
#zip -qr "$TMP_STRIPPED_APK" *
popd > /dev/null

# Sign the apk using the provided keystore
echo "Signing app" >&2
jarsigner -sigalg MD5withRSA -digestalg SHA1 -keystore "$KEYSTORE" -storetype pkcs12 "$TMP_STRIPPED_APK" 1

# Zipalign if requested
if [ "$ZIPALIGN" != "" ]; then
    echo "Optimizing apk" >&2
    $ZIPALIGN 4 "$TMP_STRIPPED_APK" "$TMP_FINAL_APK"
else
    TMP_FINAL_APK="$TMP_STRIPPED_APK"
    echo "Notice: This apk is not optimized and not suited for release on the play store." >&2
    echo "Please run this script again with the -z flag." >&2
fi

# Final check
if [ ! -e "$TMP_FINAL_APK" ]; then
    echo "Error: Something went wrong with the signing." >&2
    exit 1
fi

# Move the apk
echo "Packaging as $TARGET" >&2
cp "$TMP_FINAL_APK" "$TARGET"

# Clean up
rm "$TMP_STRIPPED_APK"
if [ "$TMP_STRIPPED_APK" != "$TMP_FINAL_APK" ]; then
    rm "$TMP_FINAL_APK"
fi
rm -rf "$TMP_APK_FOLDER"